[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 28 12:01:01 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62980471 by Moritz Muehlenhoff at 2018-02-28T12:59:59+01:00
NFUs
- - - - -
2faae3ca by Moritz Muehlenhoff at 2018-02-28T13:00:35+01:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -16491,7 +16491,7 @@ CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega ...)
- TODO: check
+ NOT-FOR-US: Pegasystems Pega Platform
CVE-2017-17477
RESERVED
CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
@@ -21422,13 +21422,13 @@ CVE-2017-16772
CVE-2017-16771
RESERVED
CVE-2017-16770 (File and directory information exposure vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Synology Surveillance Station
CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in ...)
- TODO: check
+ NOT-FOR-US: Synology Photo Station
CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in ...)
NOT-FOR-US: Synology MailPlus Server
CVE-2017-16767 (Cross-site scripting (XSS) vulnerability in User Profile in Synology ...)
- TODO: check
+ NOT-FOR-US: Synology Surveillance Station
CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...)
@@ -66597,7 +66597,7 @@ CVE-2017-1776
CVE-2017-1775
RESERVED
CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses ...)
- TODO: check
+ NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker ...)
NOT-FOR-US: IBM DataPower Gateways
CVE-2017-1772
@@ -80333,9 +80333,9 @@ CVE-2016-6601 (Directory traversal vulnerability in the file download functional
CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in ...)
NOT-FOR-US: ZOHO WebNMS
CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...)
- TODO: check
+ NOT-FOR-US: BMC Track-It!
CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...)
- TODO: check
+ NOT-FOR-US: BMC Track-It!
CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus ...)
NOT-FOR-US: Sophos EAS Proxy
NOTE: https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
@@ -106787,7 +106787,7 @@ CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Netw
CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x ...)
NOT-FOR-US: CubeCart
CVE-2015-6926 (The OpenID Single Sign-On authentication functionality in OXID eShop ...)
- TODO: check
+ NOT-FOR-US: OXID eShop
CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to ...)
- wolfssl 3.9.10+dfsg-1 (bug #801120)
CVE-2015-6924
@@ -107837,7 +107837,7 @@ CVE-2015-6571
CVE-2015-6570
RESERVED
CVE-2015-6569 (Race condition in the LoadBalancer module in the Atlassian Floodlight ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code ...)
NOT-FOR-US: Wolf CMS
CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code ...)
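Review bot: The tag added for CVE-2015-6569 names only the vendor (`NOT-FOR-US: Atlassian`), while the description directly above it identifies the affected component as the LoadBalancer module in "Atlassian Floodlight ...". The neighbouring entries in this hunk tag by product (`NOT-FOR-US: Wolf CMS`). Consider using the product name from the full CVE description so that a search of data/CVE/list for the product finds this entry.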
@@ -113673,7 +113673,7 @@ CVE-2015-4463 (The file_manager component in eFront CMS before 3.6.15.5 allows r
CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager component of ...)
NOT-FOR-US: eFront CMS
CVE-2015-4461 (Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and ...)
- TODO: check
+ NOT-FOR-US: eFront CMS
CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: C2Box
CVE-2015-4459
@@ -113851,7 +113851,7 @@ CVE-2015-4402
CVE-2015-4401
RESERVED
CVE-2015-4400 (Ring (formerly DoorBot) video doorbells allow remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Ring video doorbells
CVE-2015-4399
RESERVED
CVE-2015-4398 (Open redirect vulnerability in the Chaos tool suite (ctools) module ...)
@@ -116024,9 +116024,9 @@ CVE-2015-3621 (Untrusted search path vulnerability in SAP Enterprise Central ...
CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2015-3619 (Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2015-3618 (Cross-site scripting (XSS) vulnerability in Nagios Business Process ...)
- TODO: check
+ NOT-FOR-US: Nagios Business Process Intelligence
CVE-2015-3617 (Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow ...)
NOT-FOR-US: Fortinet
CVE-2015-3616 (SQL injection vulnerability in Fortinet FortiManager 5.0.x before ...)
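Review bot: `NOT-FOR-US: Joomla addon` on CVE-2015-3619 does not say which addon is affected; the visible description only gives the file assets/js/vm2admin.js. Naming the extension itself, the way the CVE-2015-3618 line in this same hunk names its product, would make the entry searchable by product and let later triage match further CVEs against the same extension.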
@@ -162438,9 +162438,9 @@ CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshar
CVE-2013-3554
RESERVED
CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2013-3551
RESERVED
{DSA-2696-1}
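Review bot: The descriptions of CVE-2013-3553 and CVE-2013-3552 both list Nitro Pro and Nitro Reader, but the added tags say only `NOT-FOR-US: Nitro Pro`. Suggest covering both names in the tag, for example `NOT-FOR-US: Nitro Pro / Nitro Reader`, so a search for Nitro Reader also lands on these two entries.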
@@ -164174,7 +164174,7 @@ CVE-2013-2832 (The Buffer::Set function in core/cross/buffer.cc in the O3D plug-
CVE-2013-2831
RESERVED
CVE-2013-2830 (Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 ...)
- TODO: check
+ NOT-FOR-US: SumatraPDF Reader
CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote ...)
NOT-FOR-US: MatrikonOPC SCADA DNP3 OPC Server
CVE-2013-2828 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/84887876eca3df110c1b8b20a4bb39d86627d202...2faae3ca0a2b2facd44daaa3028d3c2cd8bd09e8